Ransomware and Recent Variants

Discussion in 'malware problems & news' started by ronjor, Mar 31, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,010
    Location:
    Slovenia
    Ransomware Profile: Egregor
    https://blog.emsisoft.com/en/37810/ransomware-profile-egregor/
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,010
    Location:
    Slovenia
    Ransomware Profile: NetWalker
    https://blog.emsisoft.com/en/37677/ransomware-profile-netwalker/
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,598
    The Week in Ransomware - March 5th 2021 - Targeting service providers
    March 5, 2021
    https://www.bleepingcomputer.com/ne...e-march-5th-2021-targeting-service-providers/
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,598
    The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers
    March 12, 2021
    https://www.bleepingcomputer.com/ne...-march-12th-2021-encrypting-exchange-servers/
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,598
    The Week in Ransomware - March 19th 2021 - Highest ransom ever!
    March 19, 2021
    https://www.bleepingcomputer.com/ne...nsomware-march-19th-2021-highest-ransom-ever/
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,263
    Location:
    U.S.A.
    This article is worth a "full read." If your PC suddenly reboots to Safe Mode and you're presented with the Win logon screen (assuming you have that configured), immediately power down your PC.
     
    Last edited: Mar 21, 2021
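The Safe Mode reboot itman describes is the symptom a user sees. The example below is added here and is not code from the post or the linked article; it shows host-side detection logic for the mechanism that commonly produces that symptom, a `bcdedit` call that sets a `safeboot` value followed by a forced restart. The process-creation records, their pipe-separated layout and the `bcdedit /enum {current}` output are constructed samples.

```python
"""Detect the 'force the victim into Safe Mode' step from host telemetry.

Added example. Assumes the attacker flips the boot configuration with bcdedit
(for example `bcdedit /set {current} safeboot network`) and then reboots; the
records below are constructed, not real telemetry.
"""
import re

# Constructed process-creation records in the form "pid|image path|command line".
SAMPLE_EVENTS = [
    "4120|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {current} safeboot network",
    "4133|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} safebootalternateshell yes",
    "4150|C:\\Windows\\System32\\shutdown.exe|shutdown /r /f /t 0",
    "2001|C:\\Windows\\System32\\bcdedit.exe|bcdedit /enum",
    "2050|C:\\Windows\\System32\\cmd.exe|cmd /c dir",
]

# Only *writing* a safeboot value counts. Reading (/enum) and clearing
# (/deletevalue safeboot) are left out so the rule stays quiet during admin
# troubleshooting and during clean-up after an incident.
SAFEBOOT_SET_RE = re.compile(
    r"\bbcdedit(?:\.exe)?\b.*\s/set\s.*\bsafeboot(?:alternateshell)?\b",
    re.IGNORECASE,
)
REBOOT_RE = re.compile(r"\bshutdown(?:\.exe)?\b.*\s/r\b", re.IGNORECASE)


def flag_safeboot_changes(events):
    """Return (pid, command line) for every bcdedit call that sets a safeboot value."""
    hits = []
    for record in events:
        pid, _image, cmdline = record.split("|", 2)
        if SAFEBOOT_SET_RE.search(cmdline):
            hits.append((pid, cmdline))
    return hits


def safeboot_then_reboot(events):
    """True when a safeboot change is followed by a forced restart in the same stream.

    The two-step sequence is the higher-confidence signal; a lone bcdedit call
    might be an administrator preparing a repair boot.
    """
    armed = False
    for record in events:
        cmdline = record.split("|", 2)[2]
        if SAFEBOOT_SET_RE.search(cmdline):
            armed = True
        elif armed and REBOOT_RE.search(cmdline):
            return True
    return False


# Constructed output of `bcdedit /enum {current}` on an already-tampered host.
SAMPLE_BCD_CURRENT = """\
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.efi
description             Windows 10
locale                  en-US
safeboot                Network
"""


def parse_bcd_entry(text):
    """Parse one bcdedit boot-loader entry into a key -> value dict.

    bcdedit keys are lowercase identifiers, so the banner line and the dashed
    separator are skipped by the islower() check.
    """
    entry = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].islower():
            entry[parts[0]] = parts[1].strip()
    return entry


def current_safeboot_mode(text):
    """Return the safeboot value ('Minimal', 'Network', ...) if set, else None."""
    return parse_bcd_entry(text).get("safeboot")


if __name__ == "__main__":
    for pid, cmd in flag_safeboot_changes(SAMPLE_EVENTS):
        print(f"pid {pid}: {cmd}")
    print("safeboot followed by reboot:", safeboot_then_reboot(SAMPLE_EVENTS))
    print("current entry safeboot:", current_safeboot_mode(SAMPLE_BCD_CURRENT))
```

On a live Windows host the `parse_bcd_entry` input would come from running `bcdedit /enum {current}` with administrative rights; a non-None `safeboot` value on the current entry, when nobody scheduled a repair boot, is the moment to pull the plug rather than let the restart finish.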
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,149
    Location:
    Canada
    They say REvil is also known as Sodinokibi, which typically starts as a phishing email. If the recipient clicks on the link, it downloads the malicious, hard-for-antivirus-to-detect zip file; then the user needs to double-click the file to launch the attack. So, assuming the user needs to screw up twice, which is not out of the realm of possibility, some other protection in the form of system hardening such as HIPS, SRP, or maybe OSArmor, to name a few possibilities, could come to the rescue. The obfuscated JavaScript file is proof antivirus can't be depended on 100%.
     
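A check in the spirit of the hardening wat0114 mentions, blocking the script container instead of trusting an antivirus verdict on its contents, as an added example that is not part of the post: it opens a zip attachment in memory, flags script extensions and double extensions of the "Invoice.pdf.js" kind, and runs a cheap obfuscation heuristic over JavaScript entries. The zip, the dropper text, the extension lists and the token list are all constructed here.

```python
"""Gateway-style triage of a zip attachment carrying a JavaScript dropper.

Added example. The archive and its contents are constructed; the extension
lists and obfuscation tokens are the author's assumptions, not a vendor list.
"""
import io
import zipfile
from pathlib import PurePosixPath

# Entry types that should never arrive by mail, whatever a scanner says.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                     ".ps1", ".bat", ".cmd", ".scr", ".exe", ".lnk"}
# Extensions used as the visible half of a double extension; Explorer hides
# the real one by default, so "Invoice.pdf.js" shows as "Invoice.pdf".
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Primitives a packed WSH dropper needs to rebuild and run its real payload.
SUSPICIOUS_JS_TOKENS = (b"eval(", b"unescape(", b"String.fromCharCode",
                        b"ActiveXObject(", b"WScript.Shell")


def build_sample_zip():
    """Constructed sample: a zip with one double-extension JS dropper and two decoys."""
    # Note the string splicing and the %63 escape: a naive match on
    # "WScript.Shell" would miss this body, which is the point of the heuristic.
    payload = (b"var a='Sc'+'ri'+'pt'+'ing.F'+'ileSys'+'temObj'+'ect';"
               b"var w=new ActiveXObject(unescape('WS%63ript.Shell'));"
               b"eval(String.fromCharCode(119,46,82,117,110,40,41));")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2021-03.pdf.js", payload)
        zf.writestr("readme.txt", b"Please see attached invoice.")
        zf.writestr("scan001.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
    return buf.getvalue()


def classify_entry(name):
    """Return the reasons an archive entry name alone is unacceptable (empty if fine)."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    reasons = []
    if suffixes and suffixes[-1] in SCRIPT_EXTENSIONS:
        reasons.append(f"script extension {suffixes[-1]}")
        if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS:
            reasons.append(f"double extension masquerading as {suffixes[-2]}")
    return reasons


def looks_obfuscated(data):
    """Cheap heuristic: two or more decode/execute primitives, or heavy string splicing."""
    hits = sum(1 for tok in SUSPICIOUS_JS_TOKENS if tok in data)
    splices = data.count(b"'+'") + data.count(b'"+"')
    return hits >= 2 or splices >= 5


def scan_zip_attachment(blob):
    """Return {entry name: [reasons]} for entries that should be blocked.

    The decision is made on the container, so the result does not depend on
    whether any antivirus engine recognises the script body.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_entry(info.filename)
            if reasons and PurePosixPath(info.filename).suffix.lower() in {".js", ".jse", ".wsf"}:
                if looks_obfuscated(zf.read(info.filename)):
                    reasons.append("obfuscation markers in script body")
            if reasons:
                findings[info.filename] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in scan_zip_attachment(build_sample_zip()).items():
        print(entry, "->", "; ".join(why))
```

The extension check is the part that matters: an SRP or AppLocker rule that stops wscript.exe from running user-writable scripts, or simply remapping .js to a text editor, gives the same effect on the endpoint, and the heuristic only adds a reason string for the analyst.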
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,193
    Location:
    DC Metro Area
    "Ziggy Ransomware Gang Offers Refunds to Victims

    The Ziggy ransomware gang announced in early February they were getting out of the cybercrime business. Now they say they’re ready to refund their victims’ money.

    Anyone who paid a ransom to Ziggy just needs to shoot them an email with proof of payment calculated in Bitcoin and the computer ID. After that, the money will be returned to the Bitcoin wallet in about two weeks...

    Apparently, Ziggy was scared straight in early February after law-enforcement takedowns of fellow purveyors of malware like Emotet and the NetWalker ransomware; and added that they were feeling guilty..."

    https://threatpost.com/ziggy-ransomware-gang-offers-refund-to-victims/165124/
     
  12. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,193
    Location:
    DC Metro Area
    "Hacked companies are paying off ransomware gangs, the criminals are reinvesting the profits in making bigger and bolder attacks, and there's no end in sight...

    Gangs, many located in Russia, and using their loot to invest in AI and other tools to be more effective...

    Whether the payments come via insurers or from the companies themselves, they are funding advancements for the gangs. 'They're investing in the development of automation tools' ... using machine learning to find and exploit holes in organizations' defenses. It used to take gangs weeks to seize organizations' data and demand a ransom, the analyst said. Now it can be done in hours..."

    https://www.businessinsider.com/ran...-coalition-deep-instinct-vicious-cycle-2021-4
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,010
    Location:
    Slovenia
    Dutch supermarkets run out of cheese after ransomware attack
    https://www.bleepingcomputer.com/ne...ts-run-out-of-cheese-after-ransomware-attack/
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,010
    Location:
    Slovenia
    PSA: Severe bug in Babuk ransomware decryptor leads to data loss
    https://blog.emsisoft.com/en/38378/psa-severe-bug-in-babuk-ransomware-decryptor-leads-to-data-loss/
     
  18. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,193
    Location:
    DC Metro Area
    "Ransomware Gang Strikes The NBA Houston Rockets

    Screenshots...indicate that the attackers claim to have stolen 500 gigabytes of data during the breach...

    The ransomware used in the attack, Babuk, is not considered to be especially sophisticated. It is, however, still quite dangerous. Babuk has been unleashed against a variety of targets in the healthcare sector, as well as manufacturers and logistics companies...

    Files stolen during the attack appear to include player contracts, non-disclosure agreements, personnel information and other financial data. In the ransom note left behind, the attackers note that the data 'could lead to legal problems and cause concern for customers' if published..."

    https://www.forbes.com/sites/leemat...-strikes-the-houston-rockets/?sh=3853fb6b74ba
     